{"data":{"id":"48233a88-ccdf-487f-8054-a5e64e687a7d","title":"v0.14.16","summary":"This release (v0.14.16) of llama-index-core includes multiple security and stability fixes, including a critical security patch that adds RestrictedUnpickler to prevent unsafe deserialization (CWE-502, a vulnerability where untrusted data can be converted back into Python objects in unsafe ways). The update also introduces new rate-limiting features, fixes async/await issues that could block operations, and improves how the system handles tool calls and API retries across various AI model integrations.","solution":"Update to llama-index-core version 0.14.16 or later. The security fix is implemented in commit #20857: 'add RestrictedUnpickler to SimpleObjectNodeMapping (CWE-502)'.","labels":["security"],"sourceUrl":"https://github.com/run-llama/llama_index/releases/tag/v0.14.16","publishedAt":"2026-03-10T19:20:35.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"low","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["LlamaIndex"],"affectedVendorsRaw":["LlamaIndex","OpenAI","Anthropic","Mistral","AWS Bedrock"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-10T19:20:35.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}